Spam, Phishing, and Clickbait: An Overview of Internet Scams

Anyone who has ever had an email account understands the concept of spam — unwanted mass communiques that clutter up your inbox with their offers for discount Viagra, sexy singles near you, miracle weight loss products, or “free” Amazon gift cards. But when did spam first appear, why can’t we ever seem to eradicate it, and how has it evolved? Today we’re looking at spam, phishing, clickbait, and other frauds that target ordinary Internet users with malicious or mercenary intent.

The Beginning: Spam

The first instance of spam dates all the way back to 1978, believe it or not! It happened on ARPAnet, a precursor of the ‘net as we know and love it today. The perpetrator was a marketer for the Digital Equipment Corporation named Gary Thuerk. The message that he sent out to 400 ARPAnet users was a mistake; in some ways it’s more akin to the corporate faux pas of hitting “reply all” than to an email purporting to be from PayPal employees or touting a new penis enlargement product. Nevertheless, that message can be considered the first example of what is now a commonplace annoyance.

AOL and the Birth of Phishing

In the mid-1990s, America Online was by far the most popular way to access this new frontier known as the Internet. Millions of users created screen names and logged on each day, hoping to hear that friendly male voice proclaim “You’ve got mail!” In the chat rooms, listservs, and Geocities pages that AOL provided users access to, ordinary people rubbed elbows with criminals who were going online not so much for fun, but for profit. By using algorithms to generate random credit card numbers and stealing passwords, these so-called “phishers” were information superhighway robbers from the very beginning.

Spoofing Begins to Surface

It wasn’t long before phishing attacks took on a specific form. Spoofing involved creating email accounts, websites, and emails themselves that were easily mistaken for those of reputable companies. By impersonating PayPal, eBay, a whole slew of financial institutions, ISPs, and more, the bad guys could fool innocent internet users into providing their account details, passwords, banking information, and even Social Security numbers. As consumers became savvier to these tricks and stopped falling for the ploys, the phishers became more sophisticated in turn, cranking out more cleverly designed messages than ever before.

A Spin-Off: Spear Phishing

While phishing attacks cast a broad net in the hopes of snagging just a few victims, spear phishing gets personal. Spear phishing emails or messages use targeted information about the would-be victim, such as their hometown, hobbies, alma mater, employer, and online purchases to impersonate a friend or friendly entity. The goal is to get sensitive information such as PINs, access codes, Social Security numbers, passwords, and the like which spear phishers can then use to access bank accounts or even to create phony identities.

What About Clickbait?

Clickbait — articles, videos, or thumbnail ads that have intriguing titles designed to get users to click — can be fairly innocuous, or it can be malicious. Marketers use clickbait titles to ramp up views, likes, follows, and shares — all of which ultimately mean getting advertisements in front of more eyeballs. But there is also plenty of clickbait that’s deployed as part of a phishing attack, often by transmitting a virus or malware onto your device after you have clicked on a particular link.

If you’ve ever seen a supposed “friend” post something sketchy on your Facebook wall, or if you have ever been sent a private message telling you to check out the attached video that doesn’t look like something your pal would send, you have been targeted by a clickbait phishing attempt.

How To Avoid Getting Scammed, Spammed, or Phished

Experts say that exercising your skepticism will serve you well. Don’t open links that are sent by strangers or that seem sketchy. Hover over the URL or anchor text to see what the destination website is, and don’t navigate there unless it’s on the up-and-up. When in doubt, open a new browser window to access your bank, PayPal account, or similar sites on your own rather than using a provided link. Delete anything that raises your hackles, including friend requests.

Of course, it’s always smart to do your research, too. Pop a portion of the email subject line or message into a search bar and see what comes up. You might very well find out that you’ve been targeted. Stay up to date on popular scams by connecting with us on social media, too!